From b452e2df7447156c1cf48b8c578ddf605a5b41fb Mon Sep 17 00:00:00 2001 From: Dominik Csapak Date: Thu, 25 Feb 2021 10:01:20 +0100 Subject: [PATCH] Revert "ui: window/Settings / WebAuthn: add browser setting for userVerificationo" even if the options *could* be set in the frontend, the backend actually has to do validation of those settings, thus we should not make that a browser setting additionally, having the value 'preferred' does not actually make sense, since it does not add any security (the backend skips the userverification check then) This reverts commit aca4c2b5a9de23f7cafab92da0f88123f4ca5d8c. Signed-off-by: Dominik Csapak --- www/LoginView.js | 5 ----- www/window/AddWebauthn.js | 7 ------- www/window/Settings.js | 30 +----------------------------- 3 files changed, 1 insertion(+), 41 deletions(-) diff --git a/www/LoginView.js b/www/LoginView.js index a3ffec77..1c7a977c 100644 --- a/www/LoginView.js +++ b/www/LoginView.js @@ -390,11 +390,6 @@ Ext.define('PBS.login.TfaWindow', { // Byte array fixup, keep challenge string: challenge.string = challenge.publicKey.challenge; challenge.publicKey.challenge = PBS.Utils.base64url_to_bytes(challenge.string); - let userVerification = Ext.state.Manager.getProvider().get('webauthn-user-verification'); - if (userVerification !== undefined) { - challenge.publicKey.userVerification = userVerification; - } - for (const cred of challenge.publicKey.allowCredentials) { cred.id = PBS.Utils.base64url_to_bytes(cred.id); } diff --git a/www/window/AddWebauthn.js b/www/window/AddWebauthn.js index d2434f2c..16731a63 100644 --- a/www/window/AddWebauthn.js +++ b/www/window/AddWebauthn.js @@ -79,13 +79,6 @@ Ext.define('PBS.window.AddWebauthn', { // string to pass in the response: let challenge_str = challenge_obj.publicKey.challenge; challenge_obj.publicKey.challenge = PBS.Utils.base64url_to_bytes(challenge_str); - let userVerification = Ext.state.Manager.getProvider().get('webauthn-user-verification'); - if (userVerification !== undefined) { - challenge_obj.publicKey.authenticatorSelection = { - userVerification, - }; - } - challenge_obj.publicKey.user.id = PBS.Utils.base64url_to_bytes(challenge_obj.publicKey.user.id); diff --git a/www/window/Settings.js b/www/window/Settings.js index 7059605c..ee8464be 100644 --- a/www/window/Settings.js +++ b/www/window/Settings.js @@ -30,9 +30,6 @@ Ext.define('PBS.window.Settings', { let username = sp.get('login-username') || Proxmox.Utils.noneText; me.lookupReference('savedUserName').setValue(Ext.String.htmlEncode(username)); - let userverification= sp.get('webauthn-user-verification') || '__default__'; - me.lookupReference('webauthnUserVerification').setValue(userverification); - let settings = ['fontSize', 'fontFamily', 'letterSpacing', 'lineHeight']; settings.forEach(function(setting) { let val = localStorage.getItem('pve-xterm-' + setting); @@ -94,7 +91,7 @@ Ext.define('PBS.window.Settings', { }, 'button[name=reset]': { click: function() { - let blacklist = ['login-username', 'webauthn-user-verification']; + let blacklist = ['login-username']; let sp = Ext.state.Manager.getProvider(); for (const state of Object.values(sp.state)) { if (blacklist.indexOf(state) !== -1) { @@ -117,14 +114,6 @@ Ext.define('PBS.window.Settings', { sp.clear('login-username'); }, }, - 'field[reference=webauthnUserVerification]': { - change: function(e, v) { - if (v === '__default__') { - v = undefined; - } - Ext.state.Manager.getProvider().set('webauthn-user-verification', v); - }, - }, }, }, @@ -185,23 +174,6 @@ Ext.define('PBS.window.Settings', { }, ], }, - { - xtype: 'box', - autoEl: { tag: 'hr' }, - }, - { - xtype: 'proxmoxKVComboBox', - fieldLabel: gettext('WebAuthn User Verification') + ':', - labelWidth: 150, - stateId: 'webauthn-user-verification', - reference: 'webauthnUserVerification', - value: '__default__', - comboItems: [ - ['__default__', Proxmox.Utils.defaultText], - ['discouraged', gettext('Discouraged')], - ['preferred', gettext('Preferred')], - ], - }, ], }, {